Blocking SQL Injection in Database Stored Procedures

Abstract

Web application is described as an application accessible by the web through a network. SQL injection is an attack method used by hackers to retrieve, manipulate,fabricate or delete information in organizations’ relational databases through web applications. Information processed by web applications has become critical tocorporations, customers, organizations, and countries. Several research papers in literature have proposed ways to prevent SQL injection attacks in the application layer by examining dynamic SQL query semantics a trun time. However, very little emphasis is laid on securing stored procedures which could also suffer from SQL injection attacks. Some research papers in literature even refer to stored procedures as a remedy against SQL injection attacks. As storedprocedures reside on the database front, the methods proposed by them cannot beapplied to secure stored procedures themselves. In this research paper, we propose a technique to defend against the attacks targeted at stored procedures.